Yorosis Responsible Disclosure

At Yoroflow, we view collaboration with the security community as essential to protecting our customers. We encourage responsible reporting of vulnerabilities and are committed to addressing them swiftly and transparently. Our responsible disclosure program ensures that every report is handled with care, fostering trust, accountability, and continuous improvement. By working together, we make our platform more secure for everyone.

Last updated: 11th September 2025.
Version: 1.0

1. Eligibility for Recognition

To be eligible for recognition, you must:

  • Be the first person to responsibly disclose the bug.
  • Report a bug that could:
  1. Compromise our users' private data,
  2. Circumvent our system protections, or
  3. Enable unauthorized access to systems within our infrastructure.

2. Rules of Engagement

By participating, you agree to:

  • Allow us reasonable time to investigate and mitigate a reported vulnerability.
  • Refrain from:
  1. Accessing, modifying, or destroying data that does not belong to you.
  2. Performing denial-of-service or other actions that negatively affect users.
  3. Submitting automated tool scans without context.
  • Not exploit any vulnerability you discover.
  • Not violate any laws or breach any agreements during your testing.
  • Not publicly disclose details of the vulnerability without our explicit permission.

3. Scope

  • In-scope domain(s): *.yoroflow.com, *.yorosis.com

4. Reporting Process

Submit your report to: itsecurity@yorosis.com

Your report must include the following information:

  1. Contact email address
  2. Vulnerability description
  3. Vulnerability locations
  4. Steps to reproduce
  5. Supporting Material/References (e.g., screenshots, PoC)
  6. Recommended fix
  7. Assumed impact

5. Acknowledgements

We greatly appreciate your responsible and ethical contributions. We recognize researchers with Yorosis goodies and a listing in our Hall of Fame for genuine, validated disclosures. Thank you for helping us maintain a secure environment!

6. Examples of vulnerabilities we will consider

We welcome reports including (but not limited to):

  • Injection and deserialization vulnerabilities (SQL/NoSQL/LDAP injection, command injection, insecure object deserialization)
  • Broken authentication / authorization
  • Sensitive data exposure
  • Cross-site scripting (XSS)
  • Cross-site request forgery (CSRF)
  • XML external entities (XXE)
  • Server-side request forgery (SSRF)
  • Broken session management
  • Remote code execution (RCE)
  • Privilege escalation
  • Business logic flaws
  • Open redirects (where they allow stealing secrets/tokens)
  • Under-protected APIs
  • Known and zero-day vulnerabilities

7. Out-of-Scope Vulnerabilities

The following are generally not considered unless they lead to proven exploitation:

  • Clickjacking
  • Bugs requiring exceedingly unlikely user interaction (e.g. social engineering)
  • Spamming (e.g. SMS/email bombing)
  • Any kind of spoofing attack or attack that leads to phishing (e.g. email spoofing, capturing login credentials with a fake login page)
  • Denial-of-service attacks or vulnerabilities that lead to DoS/DDoS
  • Weak CAPTCHA or CAPTCHA bypass (e.g. using browser add-ons)
  • Rate limit mechanism bypass
  • Brute force on forms (e.g. Contact Us page)
  • TLS configuration weaknesses
  • Non-compliance with best practices (SPF/DKIM/DMARC, CSP misconfigurations, etc.)
  • Automated tool output without manual validation
  • Reports of known-vulnerable software or known CVEs without a proof of concept demonstrating exploitability against Yorosis's infrastructure
  • Bugs which Yorosis is already aware of, or those already classified as ineligible

8. Our Response

If you submit a report within scope, we will:

  1. Confirm receipt within 5 business days.
  2. Provide an initial assessment and expected resolution timeline within 10 business days of confirmation. (We may extend this timeline in special cases with notice.)
  3. Treat your report as confidential and not share your details with third parties, unless legally required.

9. Hall of Fame

We proudly recognize security researchers who have helped us by reporting valid and impactful vulnerabilities.

  1. Researchers may choose to have their name, handle, or alias listed.
  2. Recognition will only be given after the reported vulnerability has been resolved and disclosure has been mutually agreed upon.

10. Legal Points

We will not issue a reward or recognition to any individual who does not follow the guidelines of this program, and depending on the individual's actions we may take legal action. Yorosis does not commit to any compensation beyond what is communicated to you at the time of your submission. Yorosis is not liable to make any payment or reward to you in any other circumstances. Yorosis is also not liable for any delayed response to your submission.


Hall of Fame

We would like to thank the following security researchers for their responsible disclosures and valuable contributions in helping us strengthen the security of our platform.

Ashutosh raval

Sagar Dhekles

MoSamy